Re: [Pki-users] keygen support in RA

Andrew Wnuk writes: > On 06/08/2011 02:46 PM, Mike Helm wrote: >> Andrew Wnuk writes: >>> Will Safari on iPad work similar way? >> ipad/iphone seems to lack crypto services - there's nothing presented >> by<keygen>,& no keys are generated. I don't find any UI for certificate >> management either but I don't know very much about this platform. >> >> We suspect Apple is going to (or maybe does) support certificates by >> generating keys, signing,& pushing to the device. I'd like to be >> wrong about all of this - if we had some certificate UI we could >> start supporting this platform in some capacity, which would be very >> welcome. Thanks, ==mwh > I saw some references on the net saying that iPad could use SCEP > protocol to deploy certificates. > (http://images.apple.com/ipad/business/pdf/iPad_Deployment_Scenarios.pdf) > Have you tried this? No we haven't but thanks for that tip - will definitely look into this. My _guess_ at this point is that the platform can't generate the keys, it needs to get them from somewhere else. Having never used SCEP I don't know if the ipad platform can use a bare key pair to craft a signed SCEP request or not. Otherwise, I read the page as discussing various methods the ipad can use to download a certificate from a smarter one - like your Mac laptop. However, the page doesn't seem to distinguish the private key handling from cert handling, so.... Hand-me-down certificates fit our working scenarios today but we'll soon have customers that want to conduct these transactions directly on their mobile platform. I think that'll mean we have to have a key pair generator or some other trusted service. Thanks, ==mwh _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-users